API Authentication
Flow
Description:
- Merchant calls API to get JWT Token.
- Baokim authenticates merchant based on direct integration with Baokim:
- If Master integrates → use Master Merchant authentication credentials.
- If Sub integrates → use Sub Merchant authentication credentials.
API Information
Method: POST
URL: /b2b/auth-service/api/oauth/get-token
Request
(Parameters sent by merchant)
Main Parameters Table
| No. | Field Name | Data Type | Required | Description |
|---|---|---|---|---|
| 1 | merchant_code | String(50) | ✅ | Merchant code by Baokim |
| 2 | client_id | String(50) | ✅ | Client ID by Baokim |
| 3 | client_secret | String(50) | ✅ | Client Secret by Baokim |
Request Example
{
"merchant_code": "BAOKIMMRC",
"client_id": "BAOKIMMRC",
"client_secret": "iOiJKV1QiLCJhbGciOiJIUzI1NiJ9"
}
Response
(Parameters Baokim returns)
Main Parameters Table
| No. | Field Name | Data Type | Required | Description |
|---|---|---|---|---|
| 1 | code | Number(3) | ✅ | Baokim error code |
| 2 | message | String(200) | ✅ | Error message |
| 3 | data | Object | ✅ | Data Baokim returns |
Data Information
| No. | Field Name | Data Type | Required | Description |
|---|---|---|---|---|
| 1 | access_token | String | ✅ | JWT Token string |
| 2 | token_type | String | ✅ | Token type (bearer) |
| 3 | expired_at | DateTime | ✅ | Token expiration time |
Response Example
{
"code": 100,
"message": "Successfully",
"data": {
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjkyOTIvYXBpL2IyYl9hdXRoL2xvZ2luIiwiaWF0IjoxNzA2MDgwODU1LCJleHAiOjE3MDYwODQ0NTUsIm5iZiI6MTcwNjA4MDg1NSwianRpIjoiV0FUWnpJZTB3d0NuU1dpNSIsInN1YiI6IjEiLCJwcnYiOiIyM2JkNWM4OTQ5ZjYwMGFkYjM5ZTcwMWM0MDA4NzJkYjdhNTk3NmY3IiwibWVyY2hhbnRfaW5mbyI6eyJjb2RlIjoiYWJjIn0sInNjb3BlcyI6W3siYWN0aW9uIjoiR0VUIiwidXJpIjoiYWJjLmNvbSJ9LHsiYWN0aW9uIjoiUE9TVCIsInVyaSI6Inh5ei5jb20ifV19.aRfdvwFz8CDiBqHoCG8IGfPC0bO4vhXRvY76dupRx9k",
"token_type": "bearer",
"expired_at": "2025-10-30 14:41:00"
}
}
Error Code
| Error Code | Description |
|---|---|
| 100 | Success |
| 11 | Failed |
| 101 | Baokim system error |
| 104 | OAuth authentication error |
| 105 | Invalid digital signature |
| 301 | Order not found by order_code |
| 302 | Card issue (does not exist, expired) |
| 303 | Card declined |
| 304 | Insufficient card balance |
| 305 | User cancelled transaction |
| 306 | Incorrect OTP |
| 308 | Transaction has not completed Authentication |
| 309 | Transaction has not completed Authorization |
| 310 | Transaction already reversed, cannot capture |
| 311 | Transaction already captured, cannot reverse |
| 313 | Bank-side processing error |
| 422 | Validation error: RequestId invalid |
| 422 | Validation error: RequestTime invalid |
| 422 | Validation error: PartnerCode invalid |
| 422 | Card_data invalid |
| 422 | Amount invalid |